package com.example.shiro_demo1.controller;

import com.example.shiro_demo1.dto.TestDTO;
import com.example.shiro_demo1.pojo.User;
import com.example.shiro_demo1.service.UserService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpSession;
import javax.validation.Valid;

/**
 * @author cxp
 * @version 1.0
 * @date 2019/6/27 9:32
 */
@RestController
@RequestMapping("")
@Api(tags="表示用来登录的控制类")
public class LoginController {
    @Autowired
    private UserService userService;

    @RequestMapping("/login")
    @ApiOperation(value="跳转登录页面的接口",notes = "测试")
    public String login() {
        return "login";
    }

    @RequestMapping("/index")
    public String index() {
        return "index";
    }

    @RequestMapping("/logout")
    public String logout() {
        //取出当前验证主体
        Subject subject = SecurityUtils.getSubject();
        if (subject != null) {
            subject.logout();//不为空，执行一次logout的操作，将session全部清空
        }
        System.out.println("slave分支");
        return "login";
    }

    @RequestMapping("unauthorized")
    public String unauthorized() {
        return "unauthorized";
    }

    @RequestMapping("/admin")
    @ResponseBody
    public String admin() {
        return "admin success";
    }

    @RequestMapping("/edit")
    @ResponseBody
    @RequiresPermissions("edit")
    public String edit() {
        return "edit success";
    }

    /*
     *
     *
     * */

    /**
     * 整个form表单的验证流程：
     *   将登陆的用户/密码传入UsernamePasswordToken，当调用subject.login(token)开始，调用Relam的doGetAuthenticationInfo方法，开始密码验证
     *   此时这个时候执行我们自己编写的CredentialMatcher（密码匹配器），执行doCredentialsMatch方法，具体的密码比较实现在这实现
     * @param username
     * @param password
     * @param session
     * @return
     */
    @RequestMapping("/loginUser")
    public String loginUser(@RequestParam("username") String username,
                            @RequestParam("password") String password,
                            HttpSession session) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            System.out.println("获取到信息，开始验证！！");
            //登陆成功的话，放到session中
            subject.login(token);
            subject.checkPermission("add");
            User user = (User) subject.getPrincipal();
            session.setAttribute("user", user);
            return "index";
        } catch (Exception e) {
            return "login";
        }
    }

    @RequestMapping("/user/add")
    public void add(){
        System.out.println("进入用户添加");
    }

    @PostMapping("/test01")
    @ApiOperation("测试接口1")
    public TestDTO test01(@RequestBody TestDTO testDTO){
        testDTO.setName("进入接口之后的名字："+testDTO.getName());
        return testDTO;
    }
}
